PROTECTION OF PERSONAL DATA CLARIFICATION TEXT

ARTSAN TEXTILE TRANSFER PAPERS SAN. VE TİC. LTD. ŞTİ.
WITHIN THE SCOPE OF LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA
CLARIFICATION TEXT

In this Clarification Text, in accordance with the Personal Data Protection Law No. 6698 (“KVKK”) and the relevant legislation, the DATA RESPONSIBLE, University Mah. Bağlariçi Cad. No:16 Avcılar / ISTANBUL, registered with Avcılar VD 0850031823 Tax Number, Mersis No. 0085003182300011, this CLARIFICATION FORM, ARTSAN TEKSTIL TRANSFER KAĞITLARI SAN. VE TİC. LTD. ŞTİ. (“Company”).

Within the scope of KVKK, personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”) and personal data of special nature, which is a special type of personal data, refers to data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data (“Personal Data of Special Nature”). In our capacity as Data Controller, within the scope of our business relationship with you, we hereby inform you that your Personal Data will be recorded, stored, preserved, reorganized, shared with the institutions authorized by law to request such Personal Data and processed in other ways listed in the scope of KVKK within the framework of the purpose that requires their processing and in connection with this purpose, limited and measured manner as you have notified or notified to our Company.

KVK Law : Law No. 6698 on the Protection of Personal Data,

KVK Board : Personal Data Protection Board,

Data Subject : The natural person whose personal data is processed,

Processing of personal data : Any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

In this clarification text, personal data and special categories of personal data may be referred to as “Personal data” together. Your personal data processed in line with the purposes stated in the clarification text are transferred in direct proportion to the purposes stated in this text.

PERSONAL DATA SUBJECT GROUPS, PERSONAL DATA, PURPOSE OF PROCESSING PERSONAL DATA, LEGAL BASIS, METHOD OF COLLECTION AND TRANSFER OF PERSONAL DATA
PERSONAL DATA OWNER PERSON GROUP: EMPLOYEE

Personal Data of the Employee: Identity Data (Name, surname, Turkish Republic Identity Number, mother’s name, father’s name, date of birth, marital status, place of birth, gender information, driver’s license, passport number, Identity card information (T.R. K.N., serial no., wallet no., father’s name, mother’s name, place of birth, province, district, neighborhood, volume no., family sequence no., sequence no., household no., page no., registration no., place of issue, reason for issue, date of issue), Contact Data (such as address no., e-mail address, contact address, registered electronic mail address (REM), telephone no.), Physical Space Security Data (such as entry and exit registration information of employees and visitors, camera records), Professional Experience Data (such as diploma information, courses attended, vocational training information, (such as certificates, transcript information), Visual and Audio Records (such as passport photographs, visual and audio recordings), Health Information (such as information on disability status, blood type information, personal health information, information on devices and prostheses used), Criminal Convictions and Security Measures (criminal record, information on criminal convictions and security measures), Signature Data (wet or electronic signature, fingerprint, special marks, etc. on documents that are personal data), Other (military status, candidate interview information, information on the employee’s body size, etc.).), Other (Military service status, candidate interview information, employee’s body size information, etc.)), Personal Data (Payroll Information, Disciplinary Investigation, Property Declaration Information, Curriculum Vitae Information, Performance Evaluation Reports, All kinds of personal data processed for obtaining information that will be the basis for the formation of the personal rights of the employee or real persons who are in a working relationship with the Company (Identity information entered in the personal file, information contained in the job application form, employment contract, disciplinary contract, graduation information, education information, suitability for duty, pension fund information, passport photo, training information, personnel current information form, annual leave usage book / records, etc.), payroll records, wage records, wage records, wage records, wage records, etc.), scorecard records, payrolls, SSI information, disciplinary investigation, employment contract, employment document records, CV information, performance evaluation reports, reference check form, insurance information, AGI, E-Declaration, payroll, signature declaration, registration number, position name, department and unit, title, last date of employment, dates of employment, dates of employment, insurance entry/pension, allocation number, social security number, TTF number, tax office number, flexible hours working status, holding registration number, travel status, pension fund, pension fund entry date, pension fund registration number, Bağkur entry date, Bağkur registration number, accounting code, number of working days, projects worked, total monthly overtime information, severance pay base date, severance pay additional days, days on strike, leave seniority base date, leave seniority additional days, leave group, departure/return date, day, reason for leave, address/phone to be on leave and other documents arising from legal obligations), Legal Transaction Data (such as information in correspondence with judicial authorities, information in the case file), Transaction Security Data (such as IP address information, MAC address, website login and exit information, password and password information), Risk Management Data (information processed to manage commercial, technical and administrative risks related to risks to administrative and technical employees), Financial Data (balance sheet information, financial performance information, credit and risk information, (such as asset information, bank account information, salary details, collateral information, file and debt information regarding enforcement proceedings), Health Information (such as information on disability status, health report, recruitment periodic examination form, accident report, blood group information, personal health information, device and prosthesis information), Biometric Data (fingerprint), Family Relative Information (personal information of the employee’s relative (name-surname, T.C. identity number).

Purpose of Processing Employee Personal Data: Execution of the employment contract, annual and other leave approvals of employees, displaying the remaining leaves and making leave arrangements, ensuring the entry and exit of employees, ensuring payroll transactions, making salary and additional benefit payments, personnel management and payrolls, benefiting your family member from the minimum subsistence allowance, following legal requirements, determining the regulatory process and company management responsibilities, ensuring and auditing compliance with corporate policies such as correct application and compliance audits, security and internet usage requirements, registered transactions, Operational requirements such as training and quality control, security controls, credit rating and control, responding to requests from official authorities regarding crimes and offenses and in-house investigation of criminal allegations, reference control, monitoring and management of safe working principles, conducting employee candidate/intern/student selection and placement processes, conducting employee satisfaction and loyalty processes, fulfilling obligations arising from the employment contract and legislation for employees, conducting fringe benefits and benefits processes for employees, conducting audit/ethics activities, conducting training activities.
Legal obligation: Fulfillment of legal obligations within the scope of the Labor Law, Occupational Health and Safety Law, Social Security Law and other legislation, creation of personnel file, SSI and İŞKUR notifications, LVHI calculation, notification of incentives and legal obligations, ensuring the opening of a compulsory individual pension insurance account, control and management of employment-exit records, payment of salary garnishment deductions of employees to execution files, occupational health and safety procedures, legal notifications of work accidents, police station notification, compliance with archiving and information obligations as required by legislation, fulfillment of court orders.
Ensuring physical space security: Ensuring workplace security, ensuring the entrance and exit of employees to and from the Company headquarters.

Performance evaluations and provision of more qualified services to the Customer: Evaluating the quality of services provided to the Client and providing training to employees, if necessary.
Management of the company, conduct of business, implementation of company policies: In particular;
Ensuring communication with employees, ensuring the fulfillment and proper performance of your social rights and fringe benefits, ensuring workplace security, ensuring identification at the entrance and exit of the workplace, identifying employees in the department, ensuring company management processes and company organization, carrying out emergency management processes, Carrying out information security processes, confirming that the employee to whom a vehicle is allocated or used is competent to drive and has not lost his/her driver’s license for any reason, keeping log records of the logs made by employees in the IT environment, printing business cards, ensuring that packages received via cargo and courier are delivered to the relevant employee, Monitoring the use of company vehicles for the safety of employees and the execution of the work, providing shuttle and travel organization, entering employee data and creating the employee’s work e-mail, conducting research projects related to employees, controlling the entry and exit of employees, recording the documents collected during the application and interview of employees, Ensuring communication for celebration purposes, making training planning, reporting of trainings, preparation of training certificates, tracking employees who participated in the trainings, tracking the development processes of employees as a result of the trainings they received, ensuring quality control and occupational safety, executing access authorizations, providing additional advantages to the company, Defining the right channels for employer branding activities, monitoring and conducting legal affairs, planning human resources processes, conducting/supervising business activities, conducting occupational health/safety activities, receiving and evaluating suggestions for improving business processes, conducting talent/career development activities, authorized person, Providing information to institutions and organizations, conducting performance evaluation processes, making visa applications on behalf of the employee in case of business travel, providing car rental and transportation services for business trips, providing support to company employees, conducting activities in accordance with the legislation, conducting finance and accounting affairs, conducting internal audit/investigation/intelligence activities, Planning business trips and taking necessary actions within this scope, monitoring the devices allocated to you within the scope of the employment contract and providing other personal rights, monitoring the corporate e-mail accounts, GSM lines and electronic devices allocated to you within the scope of the employment contract within the scope of supervision of the use of the corporate e-mail accounts, GSM lines and electronic devices allocated to you within the scope of the employment contract in accordance with the purpose of allocation, follow-up of expense and leave forms, The purposes of this information is collected for the purposes of conducting logistics activities, organization and event management, managing risk management processes, conducting storage and archive activities, conducting strategic planning activities, and, if you give your consent, making position changes according to your determined health status and thus providing you with job positions that are suitable for your health. In line with the purposes set out in the contract you have concluded with our company, maintaining and improving effective employee management, in a manner that does not contradict the laws and fundamental rights and freedoms and personal interests of individuals; use in line with the legitimate interests of the company, management of power of attorney and signature circular processes to be carried out within the scope of representation and assignment within and outside our company.

Within the scope of our company’s obligations to ensure and improve occupational health and safety;
It is processed and transferred for the purposes of creating emergency lists and conducting emergency operations, creating emergency analysis reports, conducting occupational accident examinations, conducting recruitment examinations, and conducting processes related to obtaining a health report from the workplace physician.

Legal Basis for Processing Employee Personal Data: According to paragraph 1 of Article 5; ” Personal data cannot be processed without the explicit consent of the person concerned.” and according to paragraph 2, in the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the person concerned: According to subparagraph (a), ”It is clearly stipulated in the laws”, according to subparagraph 5/2 (b), ”It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, or of another person”, according to subparagraph 5/2 (c), ”Provided that it is directly related to the establishment or performance of a contract, ”, according to subparagraph (ç), ”It is mandatory for the data controller to fulfill its legal obligation”, according to subparagraph (d), ”It is made public by the data subject himself/herself”, according to subparagraph (f), ”Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” and according to paragraph 2 of Article 6. According to paragraph 2 of Article 6, ”It is prohibited to process sensitive personal data without the explicit consent of the data subject” and according to paragraph 3, ”Personal data related to health data can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the data subject”.

Methods of Collection of Employee Personal Data: Your personal data may be collected by the Company from you personally or through websites that allow you to apply for a job, through e-mail channels, through documents such as expense and permission forms that you have filled out, etc., in physical and digital environments, through all kinds of written, verbal, electronic media, by automatic or non-automatic methods, in order to be used for the purposes specified in this Clarification Text. In accordance with the legal obligation and legitimate interest of the Company to ensure workplace security, we collect it through the cameras we place in the workplace building. In order to fulfill our legal obligation and as stipulated by law, we collect your health data physically through our workplace physician and your personal data physically or electronically from the building management in order to ensure workplace security.
Through systems that control entry and exit hours; It is collected by taking fingerprints given to
you due to the legitimate interest and legal obligation of the data controller, such as ensuring workplace security and tracking the entry and exit hours of employees, making payroll records, fulfilling payroll arrangements.

Transfer of Employee Personal Data: According to paragraph 1 of Article 8 of the law that determines the transfer of personal data; According to paragraph 1 of Article 8, ”Personal data cannot be transferred without the explicit consent of the person concerned.” and according to paragraph 2, personal data; (a) subparagraph “In the second paragraph of Article 5,” (b) subparagraph “Provided that adequate measures are taken,” in the third paragraph of Article 6, “In the presence of one of the conditions specified, it can be transferred without seeking the explicit consent of the person concerned. Transfer will be made according to the provision and for your personal data shared with institutions / organizations / companies, according to paragraph 1 of Article 9, ”personal data cannot be transferred abroad without the explicit consent of the person concerned. ” transfer will be made by obtaining your explicit consent.

Your personal data is transferred to the following groups of persons within the framework of the conditions specified in Articles 8 and 9 of the Law and provided that it is limited to the purposes listed in the above article. No personal data is transferred to third parties other than those listed.

Based on the data processing condition of “establishment or execution of the contract” regulated in subparagraph 5/2 (c) of the KVK Law; with banks, independent accountants / financial consultancies and our relevant suppliers in order to realize your salary payments and fringe benefits, to carry out the activities of the Company, and based on the data processing condition of “fulfillment of the legal obligation of the data controller” regulated in subparagraph 5/2 (ç) of the KVK Law; only when necessary, with the Ministry of Labor and Social Security, Social Security Institution, Turkish Employment Agency, courts and other public institutions and organizations requesting information; with financial advisors/accounting firms;

Based on the data processing condition of “establishment, exercise or protection of a right” regulated in Article 5/2 (e) of the KVK Law; with law offices and other consultants for the purposes of using your personal data as a means of proof in possible disputes, obtaining legal consultancy and technical support, enforcing the employment contract, and auditing whether the parties comply with their obligations;

Your personal data of special nature may be disclosed to persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without your explicit consent, in cases stipulated in paragraph 3 of Article 6 of the KVK Law with the reference to paragraph 2 of Article 8 of the KVK Law; your personal data regarding health and sexual life;

With the companies we are affiliated with or work in partnership with in order to ensure our internal functioning;

The necessary ones from your personal data may be shared and transferred with the company we work with in the relevant subject for reasons such as transportation, vehicle supply, business card printing, parking registration.

PERSONAL DATA SUBJECT GROUP: INTERNSHIP

Personal Data Collected: Identity Data (such as name, surname, date of birth, place of birth, marital status, nationality, T.R. ID No.), Financial Data (such as bank information, etc.), Physical Space Security Data (such as Security Camera Records, Entry-Exit Logbooks, etc.), Professional Experience Data (such as diploma information.), Physical Space Security Data (such as Security Camera Records, Entry and Exit Logbooks during the time when employees and visitors are in the physical space), Professional Experience Data (such as diploma information, courses attended, vocational training information, certificates, transcript information), Transaction Security Data (IP address information, MAC address, website login and exit information, such as password and password information), Contact Data (such as address number, e-mail address, contact address, telephone number), Health Data (such as information on disability status, blood group information, personal health information, device and prosthesis information, health report), Signature Data (such as wet or electronic signature, fingerprint, special marks, etc. on documents that are personal data), Family Relative Data (such as Parent Name, Parent Phone Number, Parent Proximity Information, Parent Residence Information, Parent E-Mail Address).), Family Relative Data (such as Parent’s Name and Surname, Parent’s Phone Number, Parent’s Relationship Information, Parent’s Residence Information, Parent’s E-Mail Address).

Purpose of Processing Personal Data: Execution of emergency management processes, execution of assignment processes, execution of information security processes, execution of activities in accordance with the legislation, execution of finance and accounting activities, execution of communication activities, planning of human resources processes, execution of business continuity activities, ensuring the security of data controller operations, execution / supervision of business activities, execution of occupational health / safety activities, execution of intern selection and placement processes.

Legal Basis for Processing Personal Data: According to paragraph 1 of Article 5; ”Personal data cannot be processed without the explicit consent of the data subject.” and according to paragraph 2, according to subparagraph (f), ”Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject”, according to subparagraph (ç), ”It is mandatory for the data controller to fulfill its legal obligation”, according to subparagraph (d), ”It is made public by the data subject himself”.

Methods of Collecting Personal Data: It can be collected by mail in digital media or by forms/documents in physical media.

Transfer of Personal Data: According to paragraph 2 of Article 8 of the law determining the transfer of personal data, personal data can be transferred without seeking the explicit consent of the person concerned, provided that one of the conditions specified in subparagraph (a) “In the second paragraph of Article 5,” subparagraph (b) “Provided that adequate measures are taken,” in the third paragraph of Article 6, “in the presence of one of the conditions specified. According to the provision and paragraph 1, “Personal data cannot be transferred without the explicit consent of the person concerned.” Your personal data shared and transferred according to the provision “Personal data cannot be transferred without the explicit consent of the person concerned.” can be shared and transferred with our direct or indirect subsidiaries, group companies, shareholders/partners, the bank we have contracted with, independent accountants / financial advisors, authorized persons and institutions,

PERSONAL DATA SUBJECT PERSON GROUP : SUPPLIER / SERVICE PROVIDERS

Personal Data of Suppliers / Service Providers: Identity Data (such as name, surname, title, T.C. ID No.), Contact Data (such as address number, e-mail address, contact address, registered electronic mail address (KEP), telephone number), Legal Transaction Data (information, such as information in the case file in correspondence with judicial authorities), Risk Management Data (such as information processed for the management of commercial, technical, administrative risks), Financial Data (bank information, balance sheet information, financial performance information, credit and risk information, tax office, tax number, mersis number, signature circular), Customer Transaction Data (call center records, invoice, promissory note, check information, information in box office receipts, order information, request information, tax office, tax number, mersis number, signature circular)

Purpose of Processing Personal Data of Suppliers / Service Providers: It is processed and transferred for the purposes of carrying out emergency management processes, carrying out activities in accordance with the legislation, carrying out financial and accounting affairs, monitoring and conducting legal affairs, carrying out communication activities, receiving and evaluating suggestions for improving business processes, carrying out risk management processes, carrying out supply chain management processes, ensuring the security of data controller operations.

Legal Basis of Personal Data of Suppliers / Service Providers: According to paragraph 1 of Article 5; ” Personal data cannot be processed without the explicit consent of the person concerned.” and according to the 2nd paragraph, according to subparagraph (a), ”It is clearly stipulated in the laws”, according to subparagraph 5/2 (b), ”It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, or of another person”, according to subparagraph 5/2 (c), ”Provided that it is directly related to the establishment or performance of a contract, According to subparagraph (ç), “It is mandatory for the data controller to fulfill its legal obligation”, according to subparagraph (d), “It is made public by the data subject himself/herself”, according to subparagraph (f), “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject

Collection Method of Personal Data of Suppliers / Service Providers: On the digital platform; It can be collected via e-mail or in physical environment with forms, documents or verbally by you personally.

Transfer of Personal Data of Suppliers / Service Providers: According to paragraph 2 of Article 8 of the law that determines the transfer of personal data, personal data can be transferred without seeking the explicit consent of the person concerned in the presence of one of the conditions specified in paragraph (a) “in the second paragraph of Article 5,” paragraph (b) “provided that adequate measures are taken,” in the third paragraph of Article 6, “without seeking the explicit consent of the person concerned. According to the provision and according to paragraph 1, “Personal data cannot be transferred without the explicit consent of the person concerned.” Your personal data shared and transferred according to the provision “Personal data cannot be transferred without the explicit consent of the person concerned.” can be shared and transferred with our direct or indirect subsidiaries, group companies, shareholders / partners, private law persons and independent accountants / financial advisors, authorized persons and institutions with the bank we have contracted with.

PERSONAL DATA OWNER PERSON GROUP : PERSON / CUSTOMER RECEIVING PRODUCT OR SERVICE

Personal Data of the Person/Customer Receiving the Product or Service: Identity Data (such as name, surname, title, T.C. ID No.), Contact Data (such as address number, e-mail address, contact address, registered electronic mail address (KEP), telephone number), Legal Transaction Data (information, such as information in the case file in correspondence with judicial authorities), Risk Management Data (such as information processed for the management of commercial, technical, administrative risks), Financial Data (bank information, balance sheet information, financial performance information, credit and risk information, tax office, tax number, mersis number, signature circular), Customer Transaction Data (call center records, invoice, promissory note, check information, information in box office receipts, order information, request information, tax office, tax number, mersis number, signature circular)

Marketing Data (such as shopping history information, surveys, cookie records, information obtained through campaigns), Health Data (such as personal health-related information)

Purpose of Processing Personal Data of the Person/Customer Receiving Products or Services: Execution of emergency management processes, execution of activities in accordance with the legislation, execution of finance and accounting works, execution of communication activities, execution of logistics activities, execution of goods / service after-sales support services, execution of customer relations management processes, execution of activities for customer satisfaction, execution of goods / service sales processes, execution of marketing analysis studies, processing and transferring for the purposes of conducting advertising / campaign / promotion processes, conducting contract processes, following up requests / complaints, ensuring the security of movable goods and resources, conducting marketing processes of products / services, conducting supply chain management processes, conducting company / product / services loyalty processes, following up and conducting legal affairs, receiving and evaluating suggestions for improving business processes.

Legal Basis of Personal Data Belonging to the Person/Customer Receiving Products or Services: According to paragraph 1 of Article 5; ” Personal data cannot be processed without the explicit consent of the person concerned.” and according to the 2nd paragraph, according to subparagraph (a), ”It is clearly stipulated in the laws”, according to subparagraph 5/2 (b), ”It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, or of another person”, according to subparagraph 5/2 (c), ”Provided that it is directly related to the establishment or performance of a contract, According to subparagraph (ç), “It is mandatory for the data controller to fulfill its legal obligation”, according to subparagraph (d), “It is made public by the data subject himself/herself”, according to subparagraph (f), “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject”.

Method of Collecting Personal Data of the Person/Customer Receiving Products or Services: It is collected verbally by you personally, through e-mail, our website, social media applications in digital media or through forms and documents in physical media.

Transfer of Personal Data Belonging to the Person/Customer Receiving Products or Services: According to paragraph 2 of Article 8 of the law that determines the transfer of personal data; According to paragraph 2 of Article 8, personal data can be transferred without seeking the explicit consent of the person concerned in the presence of one of the conditions specified in subparagraph (a) “In the second paragraph of Article 5,” subparagraph (b) “Provided that adequate measures are taken,” in the third paragraph of Article 6, “In the presence of one of the conditions specified. According to the provision and according to paragraph 1, “Personal data cannot be transferred without the explicit consent of the person concerned.” Your personal data shared and transferred according to the provision “Personal data cannot be transferred without the explicit consent of the person concerned.” can be shared and transferred with our direct or indirect subsidiaries, group companies, shareholders / partners, private law persons and independent accountants / financial advisors, authorized persons and institutions with the bank we have contracted with.

PERSONAL DATA OWNER PERSON GROUP : VISITOR

Personal Data of the Visitor: Identity Data (name, surname), Physical Space Security Data (entry and exit registration information of visitors, camera records, visitor book)

Contact Data (phone no)

Purpose of Processing Personal Data of the Visitor: Execution of emergency management processes, ensuring physical space security, conducting internal audit / investigation / intelligence activities, creating and tracking visitor records, ensuring the security of data controller operations, providing information to authorized persons, institutions and organizations, ensuring confidentiality, To provide better service, to use as evidence in disputes that may arise in the future, to meet the demands of authorized public institutions or organizations in the management of emergencies, to ensure entry-exit controls, to ensure the security of the company, to provide detection in any forensic crime cases, and for audit purposes.

Legal Basis of Personal Data of the Visitor: According to subparagraph (f) of paragraph 2 of Article 5 of the Personal Data Protection Law, “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.” is processed and collected according to the legal basis.

Method of Collection of Personal Data of the Visitor : It is processed and collected digitally through camera recordings and voice recordings digitally by our company, especially security services, and by the security unit in a physical environment through the visitor book. Your health data is not processed by us by providing fever measurement by means of a digital thermometer and HES code control at entrances, provided that it is valid only within the scope of the pandemic process, especially occupational health and safety, public health and Covid 19 preventive measures.

Transfer of Personal Data of the Visitor: According to paragraph 2 of Article 8 of the law determining the transfer of personal data; personal data; (a) subparagraph “In the second paragraph of Article 5,” (b) subparagraph “Provided that adequate measures are taken,” in the third paragraph of Article 6, “In the presence of one of the conditions specified, it can be transferred without seeking the explicit consent of the person concerned. Transfers are made according to the provision and with authorized institutions and organizations when necessary.

By the Company; Personal Data collected within the scope of the activities offered or provided by the Personal Data subject, in accordance with the requirements of the current technology, may be obtained, recorded, stored, maintained, disclosed, transferred to third parties to the extent permitted by the legislation or processed in other ways within the framework described below due to the execution of commercial activities in accordance with the law, access to legal portals and other legal regulations and obligations in accordance with the KVKK and related legislation by the data controller Company. The personal data in question, apart from the regulations on the processing of data legally, following the examination of this DISCLOSURE FORM, if the Personal Data Owner gives EXPLICIT CONSENT; analysis, to confirm the identity information of the person who made / made on behalf of the person who gave EXPLICIT CONSENT through the website / mobile applications, to make the necessary checks, to record the address and other necessary information for communication, to make the necessary information, to make the necessary notifications, electronic (internet / mobile etc.) or paper media.) or to organize all records and documents that will be the basis of the transaction in electronic (internet/mobile etc.) or paper environment, to provide information to public officials upon request and in accordance with the legislation on issues related to public security, to fulfill our legal obligations and to exercise our rights arising from the legislation in force, In addition to the execution of commercial activities carried out by the Company, it may be processed, stored for other issues specified in the EXPLICIT CONSENT / Consent form and permitted by the Data owner, and if given within this scope, it may be shared and transferred with business partners and suppliers, legally authorized public institutions and organizations and private legal entities, including third parties from whom services are received within the scope of explicit consent. Except for legal obligations and legally recognized rights, the Company DOES NOT SHARE Personal Data with third parties in any way prohibited by law, with or without explicit consent. Within the scope of the Law No. 6698 on the Protection of Personal Data, your personal data will be processed in accordance with Article 4 of the law for these purposes and will be deleted and destroyed in accordance with the procedures and principles of Article 7 of the law.

You can exercise your rights regarding your personal data by clicking ” You can access from the “WAYS TO APPLY TO THE DATA CUSTODIAN” section.

WAYS TO APPLY TO THE DATA CONTROLLER

Article 11 of the KVK Law; By applying to the Company,

To learn whether personal data is processed, to request information if personal data has been processed, to learn the purpose of processing personal data and whether they are used in accordance with their purpose, to know the third parties to whom personal data is transferred domestically or abroad, to request correction of personal data in case of incomplete or incorrect processing of personal data and to request notification of the transactions made within this scope to third parties to whom personal data is transferred, Law No. 6698 on the Protection of Personal Data and other relevant provisions of the law, to request the deletion or destruction of personal data within the framework of the conditions stipulated in the provisions of other relevant laws and to request notification of the transactions made within this scope to third parties to whom personal data is transferred, to object to the occurrence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems, and to demand the compensation of the damage in case of damage due to unlawful processing of personal data.
If you wish to exercise your rights, you may submit your applications in accordance with the procedures and principles in the Communiqué on the Procedures and Principles of Application to the Data Controller dated 10.03.2018 and numbered 30356, together with the documents showing your identity; After filling out the application form on http://artsantransfer.com/, a wet signed copy of the application form;

In person or through a notary public to “Üniversitesi Mah. Bağlariçi Cad. No:16 Avcılar / ISTANBUL” address,
Sending electronic mail to the e-mail address kvkk@artsantransfer.com in soft media by using the registered electronic mail (KEP) address, secure electronic signature, mobile signature or the e-mail address you have previously notified to our Company and registered in our systems,
You can forward it by applying by other methods specified in the KVK Law.

In order for third parties to make an application request on behalf of personal data owners, there must be a special power of attorney issued by the data owner through a notary public on behalf of the person who will make the application.

Your request or requests in your application will be finalized free of charge as soon as possible and within 30 (thirty) days at the latest, depending on their nature. However, if the transaction requires an additional cost for the Company, the fee in the tariff determined by the Personal Data Protection Board will be charged.

YOUR RIGHTS REGARDING THE DATA PROCESSING PROCESS

In the event that the application made by following the above-mentioned procedure is rejected, the response is found insufficient or the application is not responded to in due time, the Data Owner has the right to file a complaint to the Personal Data Protection Board within thirty days following the notification of the response and probably within sixty days from the date of application. However, in accordance with the legal regulation, the complaint cannot be filed without exhausting the remedy.

ARTSAN TEKSTİL TRANSFER KAĞITLARI SAN. VE TİC. LTD. ŞTİ. in the capacity of Data Controller regarding your Personal Data. ……………… You can review our POLICY REGARDING THE PROCESSING OF PERSONAL DATA organized by ŞTİ. in accordance with the legal legislation here. In addition to this policy, explicit approval and legal regulations, ARTSAN TEKSTİL TRANSFER PAPERS SAN. VE TİC. LTD. ŞTİ. It shows the necessary care and attention to protect your personal data and not to be used outside the legislation and takes the necessary technological and administrative measures to prevent access to this data by 3rd parties.